encodeForLDAP

Encodes the input string for safe output in LDAP queries to prevent Cross Site Scripting attacks.

encodeForLDAP(string [,canonicalize]); → returns string

  1. CFDocs
  2. Functions
  3. ColdFusion 11 New Functions and Tags
  4. encodeForLDAP
  5. CF11+
  6. Lucee4.5+
  7. BL 1.0.0+
  8. 0 Issue
  9. Edit
See Also:   encodeForDN

Argument Reference

string string
Required

String to encode.

canonicalize boolean
Default: false

If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded.
When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed.
To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Compatibility

ColdFusion:

Version 11+ Works on CF11+ but not documented.

BoxLang:

Version 1.0.0+ Requires the bx-esapi module.

Examples
Sample code invoking the encodeForLDAP function 

encodeForLDAP("pete) (| (password = * ) )")

Expected Result: pete\29 \28| \28password = \2a \29 \29

Signup for cfbreak to stay updated on the latest news from the ColdFusion / CFML community. One email, every friday.

Fork me on GitHub